Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unattended must change API default password by default #1523

Closed
alberpilot opened this issue May 6, 2022 · 3 comments · Fixed by #1548
Closed

Unattended must change API default password by default #1523

alberpilot opened this issue May 6, 2022 · 3 comments · Fixed by #1548
Assignees
@miguelfdez99

Comments

@alberpilot
Copy link
Contributor

Currently, the Wazuh installation assistant doesn't change the Wazuh API password by default and it must be implemented.
@miguelfdez99 miguelfdez99 self-assigned this May 11, 2022
@miguelfdez99 miguelfdez99 mentioned this issue May 16, 2022
Merged
@alberpilot alberpilot moved this to In Progress in Release 4.3.4 May 23, 2022
@miguelfdez99
Copy link
Contributor

miguelfdez99 commented May 24, 2022
edited
Loading

We want to be able to change the API password of certain users using the password tool, so a new functionality is going to be added to the password tool. This change will not only change the default API password when performing the unattended installation, but will allow us to change the password whenever we want.

I have added the options --api , --id-api, --admin-user and --admin-password

    echo -e "        -ai,  --api <currentPassword>"
    echo -e "                Change the Wazuh API password given the current password, it needs --id-api ,--user and --password."
    echo -e "                If not an administrator --admin-user and --admin-password need to be provided."
    echo -e ""
    echo -e "        -au,  --admin-user <adminUser>"
    echo -e "                Admin user for Wazuh API it is needed when the user given it is not an administrator"
    echo -e ""
    echo -e "        -ap,  --admin-password <adminPassword>"
    echo -e "                Password for Wazuh API admin user, it is needed when the user given it is not an administrator"
    echo -e ""
    echo -e "        -id,  --id-api <id>"
    echo -e "                ID for Wazuh API user to be changed"

To change the API password we need the current password, the id of the user we want to change, the user and the new password. For the user and the new password we have to include the --user and --password flags.
The admin flag is needed when the user we are going to change his password is not an administrator, so it is necessary to provide the credentials of an administrator.

Example of use:

[root@ip-172-31-3-174 ec2-user]# ./wazuh-passwords-tool.sh -A '12wE?uhhudsuhsdhushd' -id 101  -u user -p '1wA?kdjhbuwibdialjda2' -au wazuh -ap wu1PSTkWcndjARCSa7cLlWWK9[BxTg8

[root@ip-172-31-3-174 ec2-user]# ./wazuh-passwords-tool.sh -A 'wu1PSTkWcndjARCSa7cLlWWK9[BxTg8' -id 1  -u wazuh -p '1wA?kdjhbuwibdialjda2'

Output:

24/05/2022 10:09:03 INFO: Changing API user user password
24/05/2022 10:09:03 INFO: API password changed
24/05/2022 10:09:03 INFO: The new password for user user is 1wA?kdjhbuwibdialjda2

24/05/2022 10:14:49 INFO: Changing API user wazuh password
24/05/2022 10:14:49 INFO: API password changed
24/05/2022 10:14:49 INFO: The new password for user wazuh is 1wA?kdjhbuwibdialjda2

@alberpilot alberpilot linked a pull request Jun 2, 2022 that will close this issue
Installation assistant Wazuh API default password change #1548
Merged
@alberpilot alberpilot moved this from In Progress to In review in Release 4.3.4 Jun 2, 2022
@snaow snaow removed this from Release 4.3.4 Jun 2, 2022
@snaow snaow moved this to In review in Release 4.3.5 Jun 2, 2022
@gdiazlo
Copy link
Member

gdiazlo commented Jun 8, 2022

The issue wazuh/wazuh-documentation#5578 could be related to this effort.

@snaow
Copy link
Contributor

snaow commented Jun 8, 2022

Closed by https://github.com/wazuh/wazuh-packages/pull/1548/files

@snaow snaow closed this as completed Jun 8, 2022
Repository owner moved this from In review to Done in Release 4.3.5 Jun 8, 2022
@snaow snaow removed this from Release 4.3.5 Jun 8, 2022
@snaow snaow moved this to Triage in Release 4.3.4 Jun 8, 2022
@snaow snaow moved this from Triage to Done in Release 4.3.4 Jun 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@miguelfdez99 miguelfdez99

Labels
None yet
Projects
No open projects
Release 4.3.4
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Installation assistant Wazuh API default password change wazuh/wazuh-packages
4 participants
@snaow @gdiazlo @alberpilot @miguelfdez99